Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify handling of IP literal addresses #142

Merged
merged 3 commits into from
Jan 29, 2024
Merged

Simplify handling of IP literal addresses #142

merged 3 commits into from
Jan 29, 2024

Conversation

notroj
Copy link
Owner

@notroj notroj commented Jan 28, 2024 

Simplify handling of IP literal addresses; require that IPv6 literals
use the bracketed syntax; avoid name resolution for all literal addresses.

* src/ne_session.h: Clarify host parameter must match RFC 3986 syntax.

* src/ne_private.h (struct host_info): Add literal field.

* src/ne_session.c (free_hostinfo): Free literal field. (set_hostinfo): Parse and store IP literals including bracketed IPv6-literal. (ne_session_create) Use literal field to determine TLS SNI mode.

* test/utils.c (session_server): Use bracketed IPv6 literals.

* test/request.c (ipv6_host_checker, serve_v6_check, ipv6_literal): Test for bracketed form of IPv6 literals.

* src/ne_request.c (do_connect): Update comment.

@notroj
Simplify handling of IP literal addresses; require that IPv6 literals
a65f9a2 
use the bracketed syntax; avoid name resolution for all literal
addresses.

* src/ne_session.h: Clarify host parameter must match RFC 3986 syntax.

* src/ne_private.h (struct host_info): Add literal field.

* src/ne_session.c (free_hostinfo): Free literal field.
  (set_hostinfo): Parse and store IP literals including bracketed
  IPv6-literal.
  (ne_session_create) Use literal field to determine TLS SNI mode.

* test/utils.c (session_server): Use bracketed IPv6 literals.

* test/request.c (ipv6_host_checker, serve_v6_check, ipv6_literal):
  Test for bracketed form of IPv6 literals.

* src/ne_request.c (do_connect): Update comment.
@notroj notroj force-pushed the ipv6-literals branch 2 times, most recently from 0d9ce52 to f4187c9 Compare January 28, 2024 15:51
@notroj
Fix status, status_chunked tests.
3203d95 
* test/utils.c (session_server): Store the hostname.
  (get_session_host): New function.

* test/request.c (status, status_chunked): Use get_session_host() to
  accurately create the expected status notifier output.
@notroj notroj force-pushed the ipv6-literals branch 2 times, most recently from 7b7ee9d to 9dcf8a3 Compare January 28, 2024 21:27
@notroj
Update TLS identity checks to simplify literal address test, avoid
9fbf570 
matching a DNS name against an IP address, and remove URI altname
support since this is not specified by RFC 9110/6125.

* src/ne_openssl.c (check_identity): Take the host_info rather than a
  URI; only test DNS names for a non-literal identifier, and only test
  IP addresses for a literal identifier.
  (check_certificate): Adjust accordingly.

* src/ne_gnutls.c (check_identity, check_certificate): Update
  similarly.

* src/ne_session.c (ne__ssl_match_hostname): Drop now unnecessary
  safety check for IP addresses here.

* test/ssl.c (uri_altname, fail_bad_urialtname): Removed tests.
  (fail_ssl_request_with_error2): Update to use
  fakeproxied_session_server.
  (cert_identities): Drop altname8.cert (URI altname).

* test/makekeys.sh, test/openssl.conf: Drop URI altname cert generation.
@notroj notroj force-pushed the ipv6-literals branch 2 times, most recently from 881c56b to 9fbf570 Compare January 28, 2024 21:34
@notroj notroj merged commit 0432edd into master Jan 29, 2024
196 checks passed
@notroj notroj deleted the ipv6-literals branch January 29, 2024 18:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@notroj